
Spawning Meterpreter Session from a Meterpreter Session

Hi! I just managed to set up my Windows VM using VMware, and I'm very eager to learn about pentesting. I've read many tutorials both on this forum and on other websites, and I've managed to gain access to my VM by exploiting ms08_067_netapi. I used a payload of windows/meterpreter/bind_tcp, and I was able to spawn a Meterpreter session. I then read that I should migrate my pid to EXPLORER.EXE so my exploited program isn't closed. After doing this, I attempted to set up a keylogger (using keyscan_start and keyscan_dump) on iexplorer.exe and see if I could catch what my "victim" was browsing, and everything worked! However, after I closed my iexplorer.exe on my VM, my Meterpreter shell stopped responding. Which makes sense, because I didn't "migrate" to a new pid before I closed iexplorer.exe.

So my question is, is there a way to spawn a Meterpreter Session from a current Meterpreter Session, or do I have to re-exploit the VM to gain another Meterpreter Session? My thinking is that if I can spawn a Meterpreter Session from my current one, I don't have to worry about iexplorer.exe getting closed before I can migrate out, because I'll have another session still logged in. I was also looking into channels and they looked like a viable way to keylog in a program but not lose my connection if that program was closed.

I'm still learning about Backtrack and Metasploit so I'm sorry if this is a simple question or that I'm missing something basic. Thanks for any feedback!

Re: Spawning Meterpreter Session from a Meterpreter Session

It does not matter if you opened a million handlers/listeners; you only have 1 process on the machine, and if that's closed then it's sayonara. You need to enable some kind of persistence backdoor if you want to regain access to the machine without having to re-exploit it. Google "persistence script".

Last edited by killadaninja; 06-24-2010 at 06:03 AM.

Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

Re: Spawning Meterpreter Session from a Meterpreter Session

You probably want to migrate to a process that is less likely to be closed during a normal session, such as svchost.exe or explorer.exe. Then set up a reliable persistent backdoor so that you can retain access.

Yes, you can have multiple sessions running on the same machine, but it is unnecessary.